bump(metadata/glsa): sync with upstream
parent
bfb3066a52
commit
917dcedec8
@ -13,7 +13,7 @@
|
||||
<bug>46246</bug>
|
||||
<access>remote</access>
|
||||
<affected>
|
||||
<package name="media-video/mplayer" auto="yes" arch="x86 and sparc">
|
||||
<package name="media-video/mplayer" auto="yes" arch="x86 sparc">
|
||||
<unaffected range="ge">0.92-r1</unaffected>
|
||||
<vulnerable range="le">0.92</vulnerable>
|
||||
</package>
|
||||
|
@ -16,7 +16,7 @@
|
||||
<bug>133524</bug>
|
||||
<access>remote</access>
|
||||
<affected>
|
||||
<package name="dev-lang/php" auto="yes" arch="arm hppa ppc s390 sh sparc x86 x86-fbsd">
|
||||
<package name="dev-lang/php" auto="yes" arch="arm hppa ppc s390 sh sparc x86">
|
||||
<unaffected range="ge">5.1.4</unaffected>
|
||||
<unaffected range="rge">4.4.2-r2</unaffected>
|
||||
<unaffected range="rge">4.4.3-r1</unaffected>
|
||||
|
@ -6,8 +6,8 @@
|
||||
execution of arbitrary code.
|
||||
</synopsis>
|
||||
<product type="ebuild">tftp-hpa</product>
|
||||
<announced>June 21, 2012</announced>
|
||||
<revised>June 21, 2012: draft</revised>
|
||||
<announced>2012-06-21</announced>
|
||||
<revised>2017-04-17: 3</revised>
|
||||
<bug>374001</bug>
|
||||
<access>remote</access>
|
||||
<affected>
|
||||
@ -44,8 +44,6 @@
|
||||
<references>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2199">CVE-2011-2199</uri>
|
||||
</references>
|
||||
<metadata timestamp="Fri, 07 Oct 2011 23:37:00 +0000" tag="requester">
|
||||
underling
|
||||
</metadata>
|
||||
<metadata timestamp="Thu, 21 Jun 2012 18:54:51 +0000" tag="submitter">craig</metadata>
|
||||
<metadata tag="requester" timestamp="2011-10-07T23:37:00Z">underling</metadata>
|
||||
<metadata tag="submitter" timestamp="2017-04-17T18:08:16Z">craig</metadata>
|
||||
</glsa>
|
||||
|
@ -6,8 +6,8 @@
|
||||
attack.
|
||||
</synopsis>
|
||||
<product type="ebuild"></product>
|
||||
<announced>June 26, 2016</announced>
|
||||
<revised>June 26, 2016: 1</revised>
|
||||
<announced>2016-06-26</announced>
|
||||
<revised>2017-04-17: 2</revised>
|
||||
<bug>564774</bug>
|
||||
<access>local</access>
|
||||
<affected>
|
||||
@ -26,8 +26,8 @@
|
||||
<description>
|
||||
<p>sudoedit in sudo is vulnerable to the escalation of privileges by local
|
||||
users via a symlink attack. This can be exploited by a file whose full
|
||||
path is defined using multiple wildcards in /etc/sudoers, as demonstrated
|
||||
by “/home/<em>/</em>/file.txt.
|
||||
path is defined using multiple wildcards in “/etc/sudoers”, as
|
||||
demonstrated by “/home/*/*/file.txt”.
|
||||
</p>
|
||||
</description>
|
||||
<impact type="normal">
|
||||
@ -49,8 +49,6 @@
|
||||
CVE-2015-5602
|
||||
</uri>
|
||||
</references>
|
||||
<metadata tag="requester" timestamp="Wed, 23 Dec 2015 23:28:50 +0000">
|
||||
BlueKnight
|
||||
</metadata>
|
||||
<metadata tag="submitter" timestamp="Sun, 26 Jun 2016 13:48:21 +0000">b-man</metadata>
|
||||
<metadata tag="requester" timestamp="2015-12-23T23:28:50Z">BlueKnight</metadata>
|
||||
<metadata tag="submitter" timestamp="2017-04-17T18:04:03Z">b-man</metadata>
|
||||
</glsa>
|
||||
|
@ -7,8 +7,8 @@
|
||||
code.
|
||||
</synopsis>
|
||||
<product type="ebuild"></product>
|
||||
<announced>November 04, 2016</announced>
|
||||
<revised>November 04, 2016: 1</revised>
|
||||
<announced>2016-11-04</announced>
|
||||
<revised>2017-04-17: 2</revised>
|
||||
<bug>565026</bug>
|
||||
<bug>587566</bug>
|
||||
<access>remote</access>
|
||||
@ -59,14 +59,14 @@
|
||||
# emerge --sync
|
||||
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-5.1.4.2"
|
||||
# emerge --ask --oneshot --verbose
|
||||
">=app-office/libreoffice-bin-debug-5.1.4.2" <code></code>
|
||||
">=app-office/libreoffice-bin-debug-5.1.4.2"
|
||||
</code>
|
||||
|
||||
<p>All OpenOffice users should upgrade to the latest version:</p>
|
||||
|
||||
<code>
|
||||
# emerge --sync
|
||||
# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-4.1.2"<code></code>
|
||||
# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-4.1.2"
|
||||
</code>
|
||||
</resolution>
|
||||
<references>
|
||||
@ -84,8 +84,6 @@
|
||||
</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4324">CVE-2016-4324</uri>
|
||||
</references>
|
||||
<metadata tag="requester" timestamp="Sat, 10 Sep 2016 07:32:58 +0000">
|
||||
BlueKnight
|
||||
</metadata>
|
||||
<metadata tag="submitter" timestamp="Fri, 04 Nov 2016 07:55:31 +0000">b-man</metadata>
|
||||
<metadata tag="requester" timestamp="2016-09-10T07:32:58Z">BlueKnight</metadata>
|
||||
<metadata tag="submitter" timestamp="2017-04-17T17:52:18Z">b-man</metadata>
|
||||
</glsa>
|
||||
|
@ -7,7 +7,8 @@
|
||||
</synopsis>
|
||||
<product type="ebuild">libraw</product>
|
||||
<announced>2017-01-24</announced>
|
||||
<revised>2017-01-24: 1</revised>
|
||||
<revised>2017-04-30: 2</revised>
|
||||
<bug>549338</bug>
|
||||
<bug>567254</bug>
|
||||
<access>local, remote</access>
|
||||
<affected>
|
||||
@ -43,9 +44,10 @@
|
||||
</code>
|
||||
</resolution>
|
||||
<references>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3885">CVE-2015-3885</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8366">CVE-2015-8366</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8367">CVE-2015-8367</uri>
|
||||
</references>
|
||||
<metadata tag="requester" timestamp="2017-01-18T08:14:05Z">b-man</metadata>
|
||||
<metadata tag="submitter" timestamp="2017-01-24T10:53:14Z">b-man</metadata>
|
||||
<metadata tag="submitter" timestamp="2017-04-30T20:28:16Z">b-man</metadata>
|
||||
</glsa>
|
||||
|
@ -8,7 +8,8 @@
|
||||
</synopsis>
|
||||
<product type="ebuild">chromium</product>
|
||||
<announced>2017-04-10</announced>
|
||||
<revised>2017-04-10: 1</revised>
|
||||
<revised>2017-04-14: 2</revised>
|
||||
<bug>612190</bug>
|
||||
<bug>614276</bug>
|
||||
<access>remote</access>
|
||||
<affected>
|
||||
@ -45,6 +46,23 @@
|
||||
|
||||
</resolution>
|
||||
<references>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5030">CVE-2017-5030</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5031">CVE-2017-5031</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5032">CVE-2017-5032</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5033">CVE-2017-5033</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5034">CVE-2017-5034</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5035">CVE-2017-5035</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5036">CVE-2017-5036</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5037">CVE-2017-5037</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5038">CVE-2017-5038</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5039">CVE-2017-5039</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5040">CVE-2017-5040</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5041">CVE-2017-5041</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5042">CVE-2017-5042</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5043">CVE-2017-5043</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5044">CVE-2017-5044</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5045">CVE-2017-5045</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5046">CVE-2017-5046</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5052">CVE-2017-5052</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5053">CVE-2017-5053</uri>
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5054">CVE-2017-5054</uri>
|
||||
@ -52,5 +70,5 @@
|
||||
<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5056">CVE-2017-5056</uri>
|
||||
</references>
|
||||
<metadata tag="requester" timestamp="2017-04-02T12:37:12Z">BlueKnight</metadata>
|
||||
<metadata tag="submitter" timestamp="2017-04-10T21:28:37Z">BlueKnight</metadata>
|
||||
<metadata tag="submitter" timestamp="2017-04-14T15:04:47Z">BlueKnight</metadata>
|
||||
</glsa>
|
||||
|
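--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201704-04.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201704-04.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201704-04">
+<title>Adobe Flash Player: Multiple vulnerabilities</title>
+<synopsis>Multiple vulnerabilities have been found in Adobe Flash Player, the
+worst of which allows remote attackers to execute arbitrary code.
+</synopsis>
+<product type="ebuild">adobe-flash</product>
+<announced>2017-04-27</announced>
+<revised>2017-04-27: 2</revised>
+<bug>615244</bug>
+<access>remote</access>
+<affected>
+<package name="www-plugins/adobe-flash" auto="yes" arch="*">
+<unaffected range="ge">25.0.0.148</unaffected>
+<vulnerable range="lt">25.0.0.148</vulnerable>
+</package>
+</affected>
+<background>
+<p>The Adobe Flash Player is a renderer for the SWF file format, which is
+commonly used to provide interactive websites.
+</p>
+</background>
+<description>
+<p>Multiple vulnerabilities have been discovered in Adobe Flash Player.
+Please review the CVE identifiers referenced below for details.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attacker could possibly execute arbitrary code with the
+privileges of the process or bypass security restrictions.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All Adobe Flash users should upgrade to the latest version:</p>
+
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose
+">=www-plugins/adobe-flash-25.0.0.148"
+</code>
+
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3058">CVE-2017-3058</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3059">CVE-2017-3059</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3060">CVE-2017-3060</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3061">CVE-2017-3061</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3062">CVE-2017-3062</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3063">CVE-2017-3063</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3064">CVE-2017-3064</uri>
+</references>
+<metadata tag="requester" timestamp="2017-04-13T15:19:39Z">whissi</metadata>
+<metadata tag="submitter" timestamp="2017-04-27T05:32:52Z">whissi</metadata>
+</glsa>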
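--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-01.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-01.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-01">
+<title>libevent: Multiple vulnerabilities</title>
+<synopsis>Multiple vulnerabilities have been found in libevent, the worst of
+which allows remote attackers to execute arbitrary code.
+</synopsis>
+<product type="ebuild">libevent</product>
+<announced>2017-05-07</announced>
+<revised>2017-05-07: 1</revised>
+<bug>608042</bug>
+<access>remote</access>
+<affected>
+<package name="dev-libs/libevent" auto="yes" arch="*">
+<unaffected range="ge">2.1.7_rc</unaffected>
+<vulnerable range="lt">2.1.7_rc</vulnerable>
+</package>
+</affected>
+<background>
+<p>libevent is a library to execute a function when a specific event occurs
+on a file descriptor.
+</p>
+</background>
+<description>
+<p>Multiple vulnerabilities have been discovered in libevent. Please review
+the CVE identifiers referenced below for details.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attacker could possibly execute arbitrary code with the
+privileges of the process, or cause a Denial of Service condition.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All libevent users should upgrade to the latest version:</p>
+
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose ">=dev-libs/libevent-2.1.7_rc"
+</code>
+
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10195">
+CVE-2016-10195
+</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10196">
+CVE-2016-10196
+</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10197">
+CVE-2016-10197
+</uri>
+</references>
+<metadata tag="requester" timestamp="2017-04-27T05:45:34Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-05-07T20:14:35Z">whissi</metadata>
+</glsa>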
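--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-02.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-02.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-02">
+<title>Chromium: Multiple vulnerabilities</title>
+<synopsis>Multiple vulnerabilities have been found in the Chromium web
+browser, the worst of which allows remote attackers to execute arbitrary
+code.
+</synopsis>
+<product type="ebuild">chromium</product>
+<announced>2017-05-07</announced>
+<revised>2017-05-07: 1</revised>
+<bug>616048</bug>
+<access>remote</access>
+<affected>
+<package name="www-client/chromium" auto="yes" arch="*">
+<unaffected range="ge">58.0.3029.81</unaffected>
+<vulnerable range="lt">58.0.3029.81</vulnerable>
+</package>
+</affected>
+<background>
+<p>Chromium is an open-source browser project that aims to build a safer,
+faster, and more stable way for all users to experience the web.
+</p>
+</background>
+<description>
+<p>Multiple vulnerabilities have been discovered in the Chromium web
+browser. Please review the CVE identifiers referenced below for details.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attacker could possibly execute arbitrary code with the
+privileges of the process, cause a Denial of Service condition, obtain
+sensitive information, bypass security restrictions or spoof content.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All Chromium users should upgrade to the latest version:</p>
+
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose
+">=www-client/chromium-58.0.3029.81"
+</code>
+
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5057">CVE-2017-5057</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5058">CVE-2017-5058</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5059">CVE-2017-5059</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5060">CVE-2017-5060</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5061">CVE-2017-5061</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5062">CVE-2017-5062</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5063">CVE-2017-5063</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5064">CVE-2017-5064</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5065">CVE-2017-5065</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5066">CVE-2017-5066</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5067">CVE-2017-5067</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5069">CVE-2017-5069</uri>
+</references>
+<metadata tag="requester" timestamp="2017-04-28T01:40:34Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-05-07T20:15:34Z">whissi</metadata>
+</glsa>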
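--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-03.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-03.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-03">
+<title>Oracle JDK/JRE: Multiple vulnerabilities</title>
+<synopsis>Multiple vulnerabilities have been found in Oracle's JRE and JDK
+software suites, the worst of which may allow execution of arbitrary code.
+</synopsis>
+<product type="ebuild">jre,jdk,oracle</product>
+<announced>2017-05-07</announced>
+<revised>2017-05-07: 1</revised>
+<bug>616050</bug>
+<access>remote</access>
+<affected>
+<package name="dev-java/oracle-jre-bin" auto="yes" arch="*">
+<unaffected range="ge">1.8.0.131</unaffected>
+<vulnerable range="lt">1.8.0.131</vulnerable>
+</package>
+<package name="dev-java/oracle-jdk-bin" auto="yes" arch="*">
+<unaffected range="ge">1.8.0.131</unaffected>
+<vulnerable range="lt">1.8.0.131</vulnerable>
+</package>
+</affected>
+<background>
+<p>Java Platform, Standard Edition (Java SE) lets you develop and deploy
+Java applications on desktops and servers, as well as in today’s
+demanding embedded environments. Java offers the rich user interface,
+performance, versatility, portability, and security that today’s
+applications require.
+</p>
+</background>
+<description>
+<p>Multiple vulnerabilities have been discovered in in Oracle’s JRE and
+JDK. Please review the CVE identifiers referenced below for details.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attacker could possibly execute arbitrary code with the
+privileges of the process, gain access to information, or cause a Denial
+of Service condition.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All Oracle JRE users should upgrade to the latest version:</p>
+
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose
+">=dev-java/oracle-jre-bin-1.8.0.131"
+</code>
+
+<p>All Oracle JDK users should upgrade to the latest version:</p>
+
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose
+">=dev-java/oracle-jdk-bin-1.8.0.131"
+</code>
+
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3509">CVE-2017-3509</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3511">CVE-2017-3511</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3512">CVE-2017-3512</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3514">CVE-2017-3514</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3526">CVE-2017-3526</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3533">CVE-2017-3533</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3539">CVE-2017-3539</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3544">CVE-2017-3544</uri>
+</references>
+<metadata tag="requester" timestamp="2017-04-28T06:54:02Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-05-07T20:16:21Z">whissi</metadata>
+</glsa>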
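--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-04.xml
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/glsa-201705-04.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="201705-04">
+<title>Mozilla Network Security Service (NSS): Multiple vulnerabilities</title>
+<synopsis>Multiple vulnerabilities have been found in NSS, the worst of which
+may allow execution of arbitrary code.
+</synopsis>
+<product type="ebuild">nss</product>
+<announced>2017-05-07</announced>
+<revised>2017-05-07: 1</revised>
+<bug>616032</bug>
+<bug>616036</bug>
+<access>remote</access>
+<affected>
+<package name="dev-libs/nss" auto="yes" arch="*">
+<unaffected range="ge">3.29.5</unaffected>
+<vulnerable range="lt">3.29.5</vulnerable>
+</package>
+</affected>
+<background>
+<p>The Mozilla Network Security Service (NSS) is a library implementing
+security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS
+#12, S/MIME and X.509 certificates.
+</p>
+</background>
+<description>
+<p>Multiple vulnerabilities have been discovered in NSS. Please review the
+CVE identifiers referenced below for details.
+</p>
+</description>
+<impact type="normal">
+<p>A remote attacker could possibly execute arbitrary code with the
+privileges of the process, cause a Denial of Service condition, or view
+sensitive information.
+</p>
+</impact>
+<workaround>
+<p>There is no known workaround at this time.</p>
+</workaround>
+<resolution>
+<p>All NSS users should upgrade to the latest version:</p>
+
+<code>
+# emerge --sync
+# emerge --ask --oneshot --verbose ">=dev-libs/nss-3.29.5"
+</code>
+
+</resolution>
+<references>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5461">CVE-2017-5461</uri>
+<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5462">CVE-2017-5462</uri>
+</references>
+<metadata tag="requester" timestamp="2017-04-30T13:52:41Z">BlueKnight</metadata>
+<metadata tag="submitter" timestamp="2017-05-07T20:17:08Z">whissi</metadata>
+</glsa>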
@ -1 +1 @@
|
||||
Tue, 11 Apr 2017 18:09:39 +0000
|
||||
Mon, 08 May 2017 18:09:03 +0000
|
||||
|
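--- a/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
+++ b/sdk_container/src/third_party/portage-stable/metadata/glsa/timestamp.commit
@@ -0,0 +1 @@
+897a88bc971653dc30260f5432ee7d29adee1c07 1494188470 2017-05-07T20:21:10+00:00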